lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CA+FuTSewvc1k_JJtZc-NCZmo0y+mjradkP3mM7=1obA2LQFcWA@mail.gmail.com> Date: Mon, 3 Jan 2022 15:55:23 -0500 From: Willem de Bruijn <willemb@...gle.com> To: David Ahern <dsahern@...il.com> Cc: Andrew Lunn <andrew@...n.ch>, David Miller <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Hideaki YOSHIFUJI <yoshfuji@...ux-ipv6.org>, David Ahern <dsahern@...nel.org>, James Prestwood <prestwoj@...il.com>, Justin Iurman <justin.iurman@...ege.be>, Praveen Chaudhary <praveen5582@...il.com>, "Jason A . Donenfeld" <Jason@...c4.com>, Eric Dumazet <edumazet@...gle.com>, netdev <netdev@...r.kernel.org> Subject: Re: [PATCH v5 net-next 2/3] icmp: ICMPV6: Examine invoking packet for Segment Route Headers. On Mon, Jan 3, 2022 at 12:34 PM David Ahern <dsahern@...il.com> wrote: > > On 1/3/22 10:11 AM, Andrew Lunn wrote: > > RFC8754 says: > > > > ICMP error packets generated within the SR domain are sent to source > > nodes within the SR domain. The invoking packet in the ICMP error > > message may contain an SRH. Since the destination address of a packet > > with an SRH changes as each segment is processed, it may not be the > > destination used by the socket or application that generated the > > invoking packet. > > > > For the source of an invoking packet to process the ICMP error > > message, the ultimate destination address of the IPv6 header may be > > required. The following logic is used to determine the destination > > address for use by protocol-error handlers. > > > > * Walk all extension headers of the invoking IPv6 packet to the > > routing extension header preceding the upper-layer header. > > > > - If routing header is type 4 Segment Routing Header (SRH) > > > > o The SID at Segment List[0] may be used as the destination > > address of the invoking packet. > > > > Mangle the skb so the network header points to the invoking packet > > inside the ICMP packet. The seg6 helpers can then be used on the skb > > to find any segment routing headers. If found, mark this fact in the > > IPv6 control block of the skb, and store the offset into the packet of > > the SRH. Then restore the skb back to its old state. > > > > Signed-off-by: Andrew Lunn <andrew@...n.ch> > > --- > > include/linux/ipv6.h | 2 ++ > > include/net/seg6.h | 1 + > > net/ipv6/icmp.c | 6 +++++- > > net/ipv6/seg6.c | 30 ++++++++++++++++++++++++++++++ > > 4 files changed, 38 insertions(+), 1 deletion(-) > > > > Reviewed-by: David Ahern <dsahern@...nel.org> > Reviewed-by: Willem de Bruijn <willemb@...gle.com>
Powered by blists - more mailing lists